From 0d6e8edc2a47a4b4c6824936632bfb83850db343 Mon Sep 17 00:00:00 2001
From: Piotr Sarnacki <drogus@gmail.com>
Date: Sat, 4 May 2013 15:09:22 +0200
Subject: Move actionpack/lib/action_view* into actionview/lib

---
 actionview/lib/action_view/helpers/csrf_helper.rb | 30 +++++++++++++++++++++++
 1 file changed, 30 insertions(+)
 create mode 100644 actionview/lib/action_view/helpers/csrf_helper.rb

(limited to 'actionview/lib/action_view/helpers/csrf_helper.rb')

diff --git a/actionview/lib/action_view/helpers/csrf_helper.rb b/actionview/lib/action_view/helpers/csrf_helper.rb
new file mode 100644
index 0000000000..eeb0ed94b9
--- /dev/null
+++ b/actionview/lib/action_view/helpers/csrf_helper.rb
@@ -0,0 +1,30 @@
+module ActionView
+  # = Action View CSRF Helper
+  module Helpers
+    module CsrfHelper
+      # Returns meta tags "csrf-param" and "csrf-token" with the name of the cross-site
+      # request forgery protection parameter and token, respectively.
+      #
+      #   <head>
+      #     <%= csrf_meta_tags %>
+      #   </head>
+      #
+      # These are used to generate the dynamic forms that implement non-remote links with
+      # <tt>:method</tt>.
+      #
+      # Note that regular forms generate hidden fields, and that Ajax calls are whitelisted,
+      # so they do not use these tags.
+      def csrf_meta_tags
+        if protect_against_forgery?
+          [
+            tag('meta', :name => 'csrf-param', :content => request_forgery_protection_token),
+            tag('meta', :name => 'csrf-token', :content => form_authenticity_token)
+          ].join("\n").html_safe
+        end
+      end
+
+      # For backwards compatibility.
+      alias csrf_meta_tag csrf_meta_tags
+    end
+  end
+end
-- 
cgit v1.2.3